From 06033ed96e5ee4c304caee9090fbf9d4eaac5318 Mon Sep 17 00:00:00 2001
From: Dmitri Bogomolov <4glitch@gmail.com>
Date: Fri, 26 Oct 2018 14:45:37 +0300
Subject: [PATCH] Fixed response for bad username or password and content-type
 header

(closes #244)
---
 src/api.py | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/src/api.py b/src/api.py
index 5f2c9ca6..d1566630 100644
--- a/src/api.py
+++ b/src/api.py
@@ -12,6 +12,7 @@ import base64
 import ConfigParser
 import errno
 import hashlib
+import httplib
 import json
 import random  # nosec
 import socket
@@ -92,6 +93,7 @@ class singleAPI(StoppableThread):
             errno.WSAEADDRINUSE = errno.EADDRINUSE
 
         RPCServerBase = SimpleXMLRPCServer
+        ct = 'text/xml'
         if BMConfigParser().safeGet(
                 'bitmessagesettings', 'apivariant') == 'json':
             try:
@@ -100,11 +102,14 @@ class singleAPI(StoppableThread):
             except ImportError:
                 logger.warning(
                     'jsonrpclib not available, failing back to XML-RPC')
+            else:
+                ct = 'application/json-rpc'
 
         # Nested class. FIXME not found a better solution.
         class StoppableRPCServer(RPCServerBase):
             """A SimpleXMLRPCServer that honours state.shutdown"""
             allow_reuse_address = True
+            content_type = ct
 
             def serve_forever(self, poll_interval=None):
                 """Start the RPCServer"""
@@ -237,11 +242,11 @@ class BMXMLRPCRequestHandler(SimpleXMLRPCRequestHandler):
             validuser = self.APIAuthenticateClient()
             if not validuser:
                 time.sleep(2)
-                # ProtocolError?
-                response = (
-                    "RPC Username or password incorrect or HTTP header"
-                    " lacks authentication at all."
-                )
+                self.send_response(httplib.UNAUTHORIZED)
+                self.end_headers()
+                return
+                # "RPC Username or password incorrect or HTTP header"
+                # " lacks authentication at all."
             else:
                 # In previous versions of SimpleXMLRPCServer, _dispatch
                 # could be overridden in this class, instead of in
@@ -259,7 +264,7 @@ class BMXMLRPCRequestHandler(SimpleXMLRPCRequestHandler):
         else:
             # got a valid XML RPC response
             self.send_response(200)
-            self.send_header("Content-type", "text/xml")
+            self.send_header("Content-type", self.server.content_type)
             self.send_header("Content-length", str(len(response)))
 
             # HACK :start -> sends cookies here